Bellow-Cooled PC Is A Well Engineered Display Piece

July 6, 2021 by Danie Conradie 19 Comments

The cooling systems on high-performance PCs are often a large part of their visual appeal, but we’ve never seen anything like [DIY Perks]’ latest build: A massive bellow-cooled PC.

The system is derived from a silent bellow system built by [DIY Perks] in 2020. It uses a clever combination of hydraulics and neodymium magnets to smoothly reciprocate a large plate within a chamber. Instead of blowing the air straight into the room, it pushes it through a pair of wood ducts into a second chamber with PC components, and out through a water-cooling radiator. To prevent the hot air from being sucked back in as the bellow reciprocates, a row of check valves was added on each side of the PC chamber and at the external intakes. The sides of the bellow chamber and PC chamber are made of glass to allow a full view of the internal components.

The build was not without complications. While disassembling the old bellow, the acrylic tube in which the magnet reciprocates shattered. When a replacement rube arrived, [DIY Perks] discovered the magnet’s fit was very loose. He solved this by increasing the thickness of the magnet’s nickel coating with another run of electroplating. To achieve a uniform coating, he agitated the plating solution by suspending the magnet from a small speaker playing a sine-wave tone. The cooling performance is excellent, keeping the CPU and GPU at 60C or below, even while running them at full tilt.

Continue reading “Bellow-Cooled PC Is A Well Engineered Display Piece” →

WiFiWart Linux Pentesting Device Gets First PCBs

July 3, 2021 by Tom Nardi 15 Comments

When we last checked in on the WiFiWart, an ambitious project to scratch-build a Linux powered penetration testing drop box small enough to be disguised as a standard phone charger, it was still in the early planning phases. In fact, the whole thing was little more than an idea. But we had a hunch that [Walker] was tenacious enough see the project through to reality, and now less than two months later, we’re happy to report that not only have the first prototype PCBs been assembled, but a community of like minded individuals is being built up around this exciting open source project.

Now before you get too excited, we should probably say that the prototypes didn’t actually work. Even worse, the precious Magic Smoke was released from the board’s Allwinner A33 ARM SoC when a pin only rated for 2.75 V was inadvertently fed 3.3 V. The culprit? Somehow [Walker] says he mistakenly ordered a 3.3 V regulator even though he had the appropriate 2.5 V model down in the Bill of Materials. A bummer to be sure, but that’s what prototypes are for.

Even though [Walker] wasn’t able to fire the board up, the fact that they even got produced shows just how much progress has been made in a relatively short amount of time. A lot of thought went into how the 1 GB DDR3 RAM would get connected to the A33, which includes a brief overview of how you do automatic trace length matching in KiCad. He’s also locked in component selections, such as the RTL8188CUS WiFi module, that were still being contemplated as of our last update.

Multiple boards make better use of vertical space.

Towards the end of the post, he even discusses the ultimate layout of the board, as the one he’s currently working on is just a functional prototype and would never actually fit inside of a phone charger. It sounds like the plan is to make use of the vertical real estate within the plastic enclosure of the charger, rather than trying to cram everything into a two dimensional design.

Want to get in on the fun, or just stay updated as [Walker] embarks on this epic journey? Perhaps you’d be interested in joining the recently formed Open Source Security Hardware Discord server he’s spun up. Whether you’ve got input on the design, or just want to hang out and watch the WiFiWart get developed, we’re sure he’d be happy to have you stop by.

The first post about this project got quite a response from Hackaday readers, and for good reason. While many in the hacking and making scene only have a passing interest in the security side of things, we all love our little little Linux boards. Especially ones that are being developed in the open.

This Week In Security: Bad Signs From Microsoft, An Epyc VM Escape

July 2, 2021 by Jonathan Bennett 14 Comments

Code signing is the silver bullet that will save us from malware, right? Not so much, particularly when vendors can be convinced to sign malicious code. Researchers at G DATA got a hit on a Windows kernel driver, indicating it might be malicious. That seemed strange, since the driver was properly signed by Microsoft. Upon further investigation, it became clear that this really was malware. The file was reported to Microsoft, the signature revoked, and the malware added to the Windows Defender definitions.

The official response from Microsoft is odd. They start off by assuring everyone that their driver signing process wasn’t actually compromised, like you would. The next part is weird. Talking about the people behind the malware: “The actor’s goal is to use the driver to spoof their geo-location to cheat the system and play from anywhere. The malware enables them to gain an advantage in games and possibly exploit other players by compromising their accounts through common tools like keyloggers.” This doesn’t seem to really match the observed behavior of the malware — it seemed to be decoding SSL connections and sending the data to the C&C server. We’ll update you if we hear anything more on this one.
Continue reading “This Week In Security: Bad Signs From Microsoft, An Epyc VM Escape” →

A Modern Take On The “Luggable” Computer

June 28, 2021 by Tom Nardi 25 Comments

Back before the industry agreed on the now ubiquitous clamshell form factor of portable computers, there were a class of not-quite-desktop computers that the community affectionately refers to as “luggable” PCs. These machines, from companies like Kaypro and Osborne, were only portable in the sense that their integrated design made it relatively easy to move them. Things we take for granted today, like the ability to run on battery power or being light enough to actually place in your lap, wouldn’t come until later.

For a contemporary take on this decades old concept, take a look at this fantastic build by [Ragnar84]. It packs a modern desktop computer and a 15.6 inch laptop display into a custom designed case, but like so many other projects, the devil is truly in the details for this one. Little touches such as the kickstand on the bottom, the removable handle on the top, and the right angle adapter that takes the HDMI output from the GeForce GTX 1060 video card and redirects it back into the case really add up to create a surprisingly practical computer that’s more than the sum of its parts.

While the case might look like your standard gamer fare, [Ragnar84] built the whole thing out of miniature T-Slot extrusion and custom-cut aluminum and acrylic panels. But not before modelling the whole thing in 3D to make sure all of his selected components would fit. For the most part the internals aren’t unlike a standard Mini-ITX build, though he did need to make a few special additions like a shelf to mount the driver board for the N156H LCD panel, and a clever clamp to hold down the rounded USB speakers.

We’ve seen some impressive recreations of the classic luggable in the past, but those have usually been powered by the Raspberry Pi and leaned heavily into the retrofuturism that’s a hallmark of the nascent cyberdeck movement. In contrast [Ragnar84] has put together something that looks perfectly usable, and dare we say it, maybe even practical.

This Week In Security: Schemeflood, Modern Wardialing, And More!

June 25, 2021 by Jonathan Bennett 17 Comments

There’s been yet another technique discovered to fingerprint users, and this one can even work in the Tor browser. Scheme flooding works by making calls to application URLs, something like steam://browsemedia. If your machine supports the requested custom URL, a pop-up is displayed, asking permission to launch the external application. That pop-up can be detected by JavaScript in the browser. Detect enough apps, and you can build a reasonable fingerprint of the system the test is run on. Unlike some previous fingerprinting techniques, this one isn’t browser dependent — it will theoretically give the same results for any browser. This means even the Tor browser, or any browser being used over the Tor network, can give your potentially unique set of installed programs away.

Now for the good news. The Chrome devs are already working on this issue, and in fact, Chrome on my Linux desktop didn’t respond to the probes in a useful way. Feel free to check out the demo, and see if the results are accurate. And as for Tor, you really should be running that on a dedicated system or in a VM if you really need to stay anonymous. And disable JavaScript if you don’t want the Internet to run code on your computer.
Continue reading “This Week In Security: Schemeflood, Modern Wardialing, And More!” →

Rocky Linux Is Ready For Prime Time!

June 24, 2021 by Jonathan Bennett 23 Comments

For some small percentage of the Hackaday crowd, our world got turned upside down at the end of last year, when Red Hat announced changes to CentOS. That distro is the official repackage of Red Hat Enterprise Linux, providing a free, de-branded version of RHEL. The big problem was that CentOS 8 support has been cut way short, ending at the end of 2021 instead of the expected 2029. This caused no shortage of consternation in the community, and a few people and companies stepped forward to provide their own CentOS alternative, with AlmaLinux and Rocky Linux being the two most promising. AlmaLinux minted their first release in March, but the Rocky project made the decision to take things a bit slower. The wait is over, and the Rocky Linux 8.4 release is ready.

Not only are there ISOs for new installs, there is also a script to convert a CentOS 8 install to Rocky. Now before you run out and convert all your CentOS machines, there are a few caveats. First, the upgrade script is still being tested and fixed as problems are found. The big outstanding issue is that Secure Boot isn’t working yet. The process of spinning up a new Secure Boot shim and getting it properly signed is non-trivial, and takes time. The plan is to do an 8.4 re-release when the shim is ready, so keep an eye out for that, if you need Secure Boot support.

The future looks bright for enterprise Linux, with options such as Rocky Linux, AlmaLinux, and even CentOS Stream. It’s worth noting that Rocky has a newly formed company behind it, CIQ, offering support if you want it. The Rocky crew is planning a launch party online on June 25th, so tune in if that’s your thing. Regardless of which Linux OS you run, it’s good to have Rocky in the game.

PipeWire, The Newest Audio Kid On The Linux Block

June 23, 2021 by Jonathan Bennett 65 Comments

Raise your hand if you remember when PulseAudio was famous for breaking audio on Linux for everyone. For quite a few years, the standard answer for any audio problem on Linux was to uninstall PulseAudio, and just use ALSA. It’s probably the case that a number of distros switched to Pulse before it was quite ready. My experience was that after a couple years of fixing bugs, the experience got to be quite stable and useful. PulseAudio brought some really nice features to Linux, like moving sound streams between devices and dynamically resampling streams as needed.

Continue reading “PipeWire, The Newest Audio Kid On The Linux Block” →